OMB Circular No. A-130 requires that agencies develop system security plans for major applications and general support systems, and that these plans address policies and procedures for providing management, operational, and technical controls. NIST Special Publication 800-53 states that the security plan should be updated to address changes to the system, its environment of operation, or problems identified during plan implementation or security control assessments.